IoT Will Change (Almost) Everything In Cybersecurity

Uploaded on 2017-06-27 in TECHNOLOGY-Key Areas-Internet of Things, TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW

The Internet of Things is growing fast, with an estimated 8.4 billion devices expected to be connected this year. 

As a result of that rapid expansion, the IoT is reshaping the way in which we think about corporate cyber-security by increasing the attack surface, potentially adding billions of network points of entry for cyber-criminals, each one an additional target to be compromised. 

Gartner put security at the top of its list of the top 10 IoT technologies for 2017 and 2018, and recent research validates the high priority of cybersecurity and connected things among businesses. One recent survey at Black Hat USA 2016 revealed 70 percent of IT experts who responded indicated that their organisation wasn't prepared for IoT-related threats.

While these statistics are real, there also exists a great deal of hype in the market, painting a grave portrait of the IoT and its unique requirements as the grim reaper for businesses. IoT security is a real concern, with open-source cyber-threats like Mirai already showing its potential, but businesses shouldn't believe every scary tale they hear. An attack on any one endpoint doesn't necessarily have to mean all systems are compromised or crippled.

Organisations looking to build or adopt connected devices should educate themselves on how additional endpoints change their threat-scape, and should seek to address a few key questions:

What New Vulnerabilities Is the IoT Creating for the Network? 

New vulnerabilities are created not just by the expansion of entry points, but by the nature of those entry points. Some of the more common vulnerabilities and concerns that businesses need to prepare for include:

• Insecure Web interfaces: "Internet" is in the name, so step one of IoT security is to make certain the connections themselves are secure. 
• Insecure endpoints: Each endpoint is open to an attack, so any that aren't equipped with antivirus software could be infected with malware, opening up the gates to the rest of the network. Businesses will need to keep a watchful eye on how endpoints are behaving and interacting with the rest of the network. 
• Mobile interfaces: The IoT happens everywhere, so ensuring a secure mobile strategy is imperative, including monitoring credentials and any accidental exposure.
How can Business address IoT security/vulnerabilities? 
The changes to the attack surface aren't beyond our abilities to address. Business can do a few simple things to increase their IoT security from the start:
• Change all default passwords. Simple cybersecurity best practices, like always resetting default passwords, will continue to be a vital first step in the age of the IoT. 
• Like changing the password, using an encrypted connection whenever one is available is generally a good cybersecurity rule of thumb that helps to mitigate the risk of attack on the many endpoints within the IoT.
• Create guidelines to quickly call out anomalous behavior of sensors. Sensors perform a very specific task or set of tasks, so detecting any suspicious behavior should be relatively simple if the technology and personnel monitoring the network understand which behaviors are authorized upfront.

How Is the IoT Changing the Future of Securing Businesses? 

In many ways, securing an IoT-enabled business requires much of the same, but the game has changed in that the sheer volume of endpoints, and thus the area to secure, is quickly multiplying. Businesses will need to move beyond traditional network and endpoint security, and be diligent in monitoring all network connections. 
Detection and response strategies will need to become more closely integrated with cybersecurity practices, and IT departments will be most effective by combining the power of technology and human oversight to keep a watchful eye over expanded attack surfaces.

This is particularly true for new and emerging threats, and an overreliance on technology will result in undue complacency, which is exactly what the cybercriminals want in prospective targets.

IoT Journal:

You Might Also Read: 

Internet of Things Brings Threats To Security:

The Internet of Things Will Be Even More Vulnerable to Cyber Attacks:

Data Breaches & The Internet of Things:

Guide To The Internet of Things:

 

« Information Security Forum Launches - Threat Intelligence Report
Facebook Deploys AI To Block Terror Propaganda »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Help Net Security

Help Net Security

Help Net Security has been a prime resource for information security news and insight since 1998.

Securi-Tay

Securi-Tay

Securi-Tay is an information Security conference held by the Ethical Hacking Society at Abertay University, Dundee.

Mastercard

Mastercard

MasterCard is a leading global payments solutions company that serves consumers and businesses in over 210 countries and territories worldwide.

Nozomi Networks

Nozomi Networks

Nozomi Networks is a leader in Industrial Control System (ICS) cybersecurity, with a comprehensive platform to deliver real-time cybersecurity and operational visibility.

MrLooquer

MrLooquer

MrLooquer provide a solution to automatically discover the assets of organizations on the internet, determine the level of exposure to attacks and help to manage risk accurately.

CloudVector

CloudVector

CloudVector's API Detection & Response platform is the only API Threat Protection solution that goes beyond the gateway to provide Shadow API Prevention and Deep API Risk Monitoring and Remediation.

Adit Ventures

Adit Ventures

Adit Ventures is a venture capital firm with a focus on dynamic growth sectors including AI & Machine Learning, Big Data, Cybersecurity and IoT.

Mindmajix Technologies

Mindmajix Technologies

Mindmajix is a live and interactive e-learning platform that offers professional online IT training in areas including cyber security.

Inveteck Global

Inveteck Global

Inveteck Global is a Ghana-based cyber security firm providing strategic guidance and technical solutions to all our clients to best serve their individual needs.

AwareGO

AwareGO

AwareGO is a global provider of security awareness training content and solutions that help enterprises improve cybersecurity awareness in the workplace.

National Academy of Cyber Security (NACS) - India

National Academy of Cyber Security (NACS) - India

National Academy of Cyber Security provides Professional Training Courses and Programmes in Cyber Security.

Polygraph

Polygraph

Polygraph monitors the activities of click fraud gangs, including how they operate, who they target, the techniques they use, and how to detect their fraud.

Fullstack Academy

Fullstack Academy

A trailblazer in bootcamp education, Fullstack Academy prepares students for fulfilling careers in tech through our NYC campus, online learning, and university partnerships.

Otava

Otava

Otava is a global leader of secure, compliant hybrid cloud and IT solutions for service providers, channel partners and enterprise clients.

Hetz Ventures

Hetz Ventures

Hetz Ventures is a global-facing VC investing in highly talented and ambitious Israeli founders who operate at the cutting edge of deep technology.

Astreya

Astreya

Astreya is the leading IT solutions provider for some of the world's most recognizable and innovative organizations.